General
-
Target
8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
-
Size
5.5MB
-
Sample
220427-rwhxzsdcbm
-
MD5
7f89ecf28ac7a0c7456423e4785fa4ec
-
SHA1
52f787a318332bb5254302151c3915e067c7699f
-
SHA256
8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
-
SHA512
8ac25a9d2848d5790a8524aaa0fbac70006371ec743d58ced75b8b18af3e047f21e858cb4e21dde6e9346c49b93bb91c110bac07e8ca749160770df877d6c4e9
Static task
static1
Behavioral task
behavioral1
Sample
8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
-
Size
5.5MB
-
MD5
7f89ecf28ac7a0c7456423e4785fa4ec
-
SHA1
52f787a318332bb5254302151c3915e067c7699f
-
SHA256
8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
-
SHA512
8ac25a9d2848d5790a8524aaa0fbac70006371ec743d58ced75b8b18af3e047f21e858cb4e21dde6e9346c49b93bb91c110bac07e8ca749160770df877d6c4e9
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-